DETAILED ACTION



1. Claims 1-9 are pending.

2. Amendment submitted 26 August 2004 has been received and entered. 

Response to Arguments 

3. Applicant's arguments filed 26 August 2004 have been fully considered but they 
are not persuasive. 

4. Applicant has argued on pages 9 and 10 that the Redlich reference (US Patent 
No. 6,591,306) fails to teach, "each PDU having a message-type field by which the 
security entity in the intermediate system can determine whether a PDU it receives 
encapsulates a PDU to be extracted and sent on." Examiner respectfully disagrees and 
contends that Redlich does in fact teach the above-cited limitation. Redlich teaches 
each PDU having a message-type field by which the security entity in the intermediate 
system can determine whether a PDU it receives encapsulates a PDU to be extracted 
and sent on (Redlich, column 21 lines 22-33, column 25 lines 27-32, column 26 lines 6- 
12, column 28 lines 19-35, port number). Redlich's message-type field is the PDU's 
port number that is used to determine where a PDU should be routed. The PDU's port 
number identifies the guest that corresponds to a particular packet (Redlich, column 28 
lines 19-35) and is used when extracting packets to be sent on (Redlich, column 26 
lines 6-12). 
5. Applicant has further argued against the motivation for combining Redlich and
Kirby for the rejection of claim 2 (see paragraphs 7-8 of office action mailed 5/26/04).
Applicant has submitted that Redlich contemplates a single security session with a 
single tunnel connection and thus Examiner's motivation for combining the references is 
not applicable. Examiner respectfully disagrees. Redlich does contemplate multiple 
tunnels being available (Redlich, column 24 lines 53-57, column 25 lines 15-18). 

6. Applicant has further argued against the combination of Redlich and 
Subramaniam on page 11. Examiner contends that the combination provides an
advantage and thus would have been obvious to one of ordinary skill in the art. The 
combination of Redlich and Subramaniam offers the advantage of providing secure 
access to a secure intranet (Subramaniam, column 3 lines 11-18) through a broker that 
is versatile depending on the security needs of the local application entity 
(Subramaniam, column 3 line 52 - column 4 line 4). Subramaniam's system provides a 
more versatile system and thus provides an advantage over Redlich's system. 

Claim Rejections - 35 USC § 102

7. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 
8. Claims 1 and 9 are rejected under 35 U.S.C. 102(e) as being anticipated by
Redlich US Patent No 6,591,306.

9. With regards to claim 1, Redlich discloses a system for IP network access for
portable devices in which he teaches a transport entity for providing transport services 
(Redlich, column 25 lines 3-7 and lines 29-31), a security entity logically positioned 
above the transport entity and operative to set up secure communications sessions with 
peer security entities in other systems for the passing of application messages in PDU's 
(Redlich, column 25 lines 54-59), the security entity including a tunneling mechanism for 
establishing a tunnel through an access-controlling intermediate system whereby to 
enable the local application entity to exchange application messages securely with a 
remote application entity on another system reachable via the intermediate system 
(Redlich, Figures 9 and 11, column 25 lines 19-42, column 26 lines 1-11), the tunneling 
mechanism establishing this tunnel by first setting up a first security session with the 
intermediate system and then a nested second security session with another system 
with PDUs associated with the second session being encapsulated within PDUs 
associated with the first session (Redlich, column 25 line 54 - column 26 line 11) and
being extracted by the intermediate system for sending to another system (Redlich, 
column 21 lines 42-57), and each PDU having a message-type field by which the 
security entity in the intermediate system can determine whether a PDU it receives 
encapsulates a PDU to be extracted and sent on (Redlich, column 21 lines 22-33, 
column 25 lines 27-32, column 26 lines 6-12, column 28 lines 19-35, port number). 
10. With regards to claim 9, Redlich teaches the local entity establishing first and
second secure communication sessions respectively with the intermediate system
(Redlich, column 25 lines 27-42, column 25 line 54 - column 26 line 11) and the remote
system with protocol data units, PDUs, associated with the second secure session 
being encapsulated within PDUs associated with the first secure session (Redlich, 
column 27 lines 1-10, data packets into PPP packets, PPP packets into GRE packets), 
each PDU including a type indicator (Redlich, column 28 lines 19-23, port number), and 
an intermediate system using said type indicator to determine whether a PDU it 
receives encapsulates a PDU associated with the second secure session and therefore 
to be sent on to the remote system (Redlich, column 28 lines 19-35). 
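As an added illustration, not part of this office action or of the Redlich patent, the following Python model shows the mechanism recited in claims 1 and 9 (and repeated for claim 7): a session-2 PDU for the remote system is nested inside a session-1 PDU for the intermediate system, and the intermediate system's security entity reads the outer message-type field to decide whether to consume the PDU itself or extract the inner PDU and send it on. The wire format, type values, system names and keys are assumptions; per-session HMACs stand in for the security processing of each session.

```python
import hashlib
import hmac
import struct

# Message-type values, system names and per-session keys are constructed for this example.
TYPE_DATA = 1     # payload is an application message for the receiving system itself
TYPE_TUNNEL = 2   # payload is an inner PDU to be extracted and sent on
KEYS = {1: b"session-1 local<->intermediate", 2: b"session-2 local<->remote"}

def build_pdu(session, msg_type, dest, payload):
    """Wire format: type(1) | session(1) | dest_len(1) | dest | payload_len(2) | payload | mac(32)."""
    dest_b = dest.encode()
    body = struct.pack("!BBB", msg_type, session, len(dest_b)) + dest_b
    body += struct.pack("!H", len(payload)) + payload
    return body + hmac.new(KEYS[session], body, hashlib.sha256).digest()

def parse_pdu(raw, known_keys):
    """Split one PDU into its fields; verify the MAC only if this node holds the session key."""
    msg_type, session, dlen = struct.unpack("!BBB", raw[:3])
    dest = raw[3:3 + dlen].decode()
    plen = struct.unpack("!H", raw[3 + dlen:5 + dlen])[0]
    end = 5 + dlen + plen
    payload, mac = raw[5 + dlen:end], raw[end:]
    if session in known_keys:
        expected = hmac.new(known_keys[session], raw[:end], hashlib.sha256).digest()
        if not hmac.compare_digest(mac, expected):
            raise ValueError("bad MAC on session %d" % session)
    return msg_type, session, dest, payload

def intermediate_handle(raw, my_name, my_keys):
    """Access-controlling intermediate: decide from the outer message-type field whether to
    consume the PDU itself or extract the encapsulated session-2 PDU and send it on."""
    msg_type, _, dest, payload = parse_pdu(raw, my_keys)
    if dest != my_name:
        raise ValueError("outer PDU not addressed to this system")
    if msg_type == TYPE_TUNNEL:
        # The inner PDU is addressed to the remote system; its MAC is not checkable here
        # because the intermediate holds only the session-1 key.
        _, _, inner_dest, _ = parse_pdu(payload, my_keys)
        return ("forward", inner_dest, payload)
    return ("deliver", my_name, payload)

def demo():
    """Local system nests a session-2 PDU for 'remote' inside a session-1 PDU for 'intermediate'."""
    inner = build_pdu(2, TYPE_DATA, "remote", b"hello from the local application")
    outer = build_pdu(1, TYPE_TUNNEL, "intermediate", inner)
    action, next_hop, forwarded = intermediate_handle(outer, "intermediate", {1: KEYS[1]})
    # Only the remote system, holding the session-2 key, can verify what was forwarded.
    return action, next_hop, parse_pdu(forwarded, {2: KEYS[2]})[3]
```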

Claim Rejections - 35 USC § 103

11. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

12. Claim 2 is rejected under 35 U.S.C. 103(a) as being unpatentable over Redlich 
Patent No 6,591,306 in view of Kirby et al US Patent No 5,898,784.

13. With regards to claim 2, Redlich, as described above fails to teach the 
destination address being modifiable. Kirby teaches each PDU having a destination 
address that is modifiable without invalidating any security processing applied 
specifically to that PDU whereby the intermediate system can redirect PDUs that are 
indicated by the message type of an encapsulating PDU as intended for sending on
(Kirby, column 6 lines 17-25). At the time the invention was made, it would have been
obvious to a person of ordinary skill in the art to utilize Kirby's method of modifying
destination addresses because it offers the advantage of allowing the routing of packets 
to the correct destination system depending on the tunnel over which it was sent (Kirby, 
column 2 lines 51-55). 

14. Claims 3-5 and 7 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Redlich US Patent No 6,591,306 in view of Subramaniam et al US Patent No
6,081,900.

15. With regards to claim 3, Redlich, as described above, fails to teach the
establishment of a security session effected through a handshake process by showing 
certificates exchanged between the security entities. Subramaniam teaches the 
establishment of a security session effected through a handshake process between 
security entities during which each application entity involved is required to show by 
attribute certificates that it possesses certain attributes required of it by the other 
application entity (Subramaniam, column 12 lines 19-46). At the time the invention was 
made, it would have been obvious to a person of ordinary skill in the art to utilize 
Subramaniam's method of using certificates for authentication because it offers the 
advantage of providing a method for a client to have convenient, efficient, and secure 
access to data stored within a secure network (Subramaniam, column 3 lines 1-6). 
16. With regards to claims 4-5 and 8, Redlich, as described above, fails to teach a
remote broker system running a broker application that fronts for a target application 
entity. Subramaniam teaches a remote broker system running a broker application that 
fronts for a target application entity (Subramaniam, column 6 lines 61-64), the security 
entity being initially operative to seek to establish a security session with the broker 
application as the target application entity requiring of the broker application attributes 
considered by the local application entity as appropriate for the target application 
(Subramaniam, column 10 lines 36-62), the broker application responding by causing its 
associated security entity to return as part of its handshake with the security entity of the 
local application an indication that the broker application is a relay for the target 
application entity (Subramaniam, column 10 lines 36-62), the local application entity 
being operative to decide whether to request a tunnel be set up through the broker 
system by the tunneling mechanism and if so what requirements must now be met by 
the broker application (Subramaniam, column 10 line 62 - column 11 line 2). At the
time the invention was made, it would have been obvious to a person of ordinary skill in 
the art to utilize Subramaniam's broker application because it offers the advantage of 
providing secure access to a secure intranet (Subramaniam, column 3 lines 11-18) 
through a broker that is versatile depending on the security needs of the local 
application entity (Subramaniam, column 3 line 52 - column 4 line 4). 

17. With regards to claim 7, Redlich teaches a transport entity for providing transport 
services (Redlich, column 25 lines 3-7 and lines 29-31), a security entity logically 
positioned above the transport entity and operative to set up secure communications 
sessions with peer security entities in other systems for the passing of application
messages in PDU's (Redlich, column 25 lines 54-59), the security entity including a 
tunneling mechanism for establishing a tunnel through an access-controlling 
intermediate system whereby to enable the local application entity to exchange 
application messages securely with a remote application entity on another system 
reachable via the intermediate system (Redlich, Figures 9 and 11, column 25 lines 19-
42, column 26 lines 1-11), the tunneling mechanism establishing this tunnel by first 
setting up a first security session with the intermediate system and then a nested 
second security session with another system with PDUs associated with the second 
session being encapsulated within PDUs associated with the first session (Redlich, 
column 25 line 54 - column 26 line 11) and being extracted by the intermediate system
for sending to another system (Redlich, column 21 lines 42-57), and each PDU having a 
message-type field by which the security entity in the intermediate system can 
determine whether a PDU it receives encapsulates a PDU to be extracted and sent on 
(Redlich, column 21 lines 22-33, column 25 lines 27-32). Redlich fails to teach the 
establishment of a security session effected through a handshake process by showing 
certificates exchanged between the security entities. Subramaniam teaches the 
establishment of a security session effected through a handshake process between 
security entities during which each application entity involved is required to show by 
attribute certificates that it possesses certain attributes required of it by the other 
application entity (Subramaniam, column 12 lines 19-46). At the time the invention was 
made, it would have been obvious to a person of ordinary skill in the art to utilize 
Subramaniam's method of using certificates for authentication because it offers the
advantage of providing a method for a client to have convenient, efficient, and secure 
access to data stored within a secure network (Subramaniam, column 3 lines 1-6). 



18. Claim 6 is rejected under 35 U.S.C. 103(a) as being unpatentable over Redlich
Patent No 6,591,306 in view of Brueckheimer et al US Patent No 6,574,224. Redlich,
as modified and described above, fails to teach the tunneling mechanism capable of
setting up multiply nested security sessions. Brueckheimer discloses a system for
processing communications traffic in which he teaches a tunneling mechanism capable
of setting up multiply nested security sessions through a corresponding number of
intermediate systems (Brueckheimer, column 6 lines 41-46). At the time the invention
was made, it would have been obvious to a person of ordinary skill in the art to utilize
Brueckheimer's method of nesting security sessions across multiple intermediate
systems because it offers the advantage of helping reduce latency by providing a method
of establishing tunnels across a wide variety of systems in an integrated network
(Brueckheimer, column 1 lines 8-26 and column 2 lines 3-40).



Conclusion 



19. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Andrew L Nalven whose telephone number is 571 272 
3839. The examiner can normally be reached on Monday - Thursday 8-6, Alternate
Fridays. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gregory Morse can be reached on 571 272 3838. The fax phone number 
for the organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 
TECHNOLOGY CENTER 2100



